Speaking with journalists at CeBIT Australia on Tuesday, ZDNet asked Kaspersky what organisations could have done to prevent WannaCry's onslaught.

"To prevent these types of attacks for small businesses, it's much easier than for enterprises. They just have to have their updated systems, they have to have their backups, and they have to have security solutions -- and that's good enough," Kaspersky explained.

But when it comes to larger enterprises, he said it's far more complicated than that, pointing to the number of legacy systems often found in the wild, mostly machines still running Windows XP.

"Trying to replace the old systems, you have budgets, downtime, and many other things, but at the same time there are many systems that are certified to Windows XP, so they can't change it -- they can't update the certificates," he said.

"I do understand the complexity of that."

Kaspersky told ZDNet that he can see a place for government intervention where sectors such as healthcare are concerned -- the sector which initially fell victim to WannaCry.

"It could be a good idea for governments, nation states, to pay more attention to regulation of cyberspace at least for critical infrastructure for healthcare," he said.

Regulation around the systems in a hospital, for example, would also require a mandate that ensures such organisations have backups and patch management in place.

As a consequence, Kaspersky said it would also need to define the applications and systems a hospital uses, as well as how much of its tech can be connected to the internet.

But it would also need to extend to having an influence over manufacturers of healthcare equipment.

"In many cases, they have a certificate for the equipment and you can't change that, including the software, so in some cases they can't update and patch the software because of the certificate," he explained.

"It's Windows XP unpatched and it will stay unpatched forever."

Extended support for Windows XP officially ended on April 8, 2014; however, after the WannaCry deluge, Microsoft issued an emergency patch for unsupported systems, which included XP.

Organisations that found themselves infected with WannaCry were met with a demand to send $300 in Bitcoin to the attackers; the price rose to $600 if payment wasn't made within three days, accompanied by the threat that files would be deleted forever.

While WannaCry hit over 300,000 organisations around the world, only a tiny percentage of victims have given in to the demands of hackers.
